I have made a lot of malware detections while working in the Virus Lab. Most people are happy when their avast! antivirus catches a new threat. But not everyone thinks so. There are a few people that, when they get a “virus detected” warning, even disagree and send us a “false positive alert”. These often come with comments such as “Actually, you don’t know what you’re doing” or “this is just patch for some program”.

A few days ago, my colleague that handles false positive alerts noticed a funny thing for me in the file for “banker ring 0” malware, a very popular rootkit in Brazil. Let’s see our FP report: